Netsparker
April 8, 2010
Netsparker Community Edition is False Positive Free and can detect both SQL Injection and Cross-site Scripting issues better than many other scanners. Netsparker Community Edition also detects many other vulnerabilities such as finding and reporting backup files, source code disclosures, Crossdomain.xml issues, SVN/CVS disclosures, internal path disclosures, error messages and many more.
Netsparker® Community Edition shares many features with Netsparker® Professional and just like Netsparker Professional, Community Edition is also False Positive Free. It can detect SQL Injection and Cross-site Scripting issues better than many other scanners (if not all), and it’s completely FREE.
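Fiddler2
November 19, 2009
Fiddler is a web debugging proxy tool.
It can capture all HTTP(S) traffic and lets you inspect and examine that traffic.
It is built on .NET and can be used as an add-on with IE, Firefox, Opera and many other browsers. From what I have used of it, unlike Burp or Paros, you can view or modify packets without changing the local IP.
It even has a decoding feature.
It looks like it will be very useful for web vulnerability testing and for debugging during web development.
It's a really cool program.. woohoo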
The Nessus vulnerability scanner
August 21, 2009
The Nessus® vulnerability scanner is the world leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks.
X-Scan v3.3
August 21, 2009
X-Scan is a general-purpose scanner that uses multi-threading to scan a specified IP address range or a stand-alone computer for network vulnerabilities; plug-ins are supported. X-Scan's features include the following: service type, remote OS type and version detection, weak user/password pairs, and the combination of all the Nessus attack scripts.
There have been no updates since 2005.. too bad..
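RegSnap
April 8, 2010
RegSnap is a useful tool for analyzing changes to the Windows registry.
Usage: take a snapshot of the registry before the change, take another after the change, compare the two, and you're done.
It is a commercial product, so you have to pay to use it.. if you're in a hurry, the trial version can be used for now..
Taking a snapshot before analyzing malware and then doing the analysis makes things a little easier.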
Microsoft Network Monitor 3.3
July 10, 2009
Microsoft Network Monitor is a tool for viewing the contents of network packets that are being sent and received over a live network connection or from a previously captured data file. It provides filtering options for complex analysis of network data.
ProxyStrike
April 8, 2010
ProxyStrike is an active Web Application Proxy, a tool designed to find vulnerabilities while browsing an application. It was created because of the problems we faced in pentests of web applications that depend heavily on JavaScript; not many web scanners did well at this stage, so we came up with this proxy.
SIW
June 2, 2009
SIW is an advanced System Information for Windows tool that gathers detailed information about your system properties and settings and displays it in an extremely comprehensible manner.